59 lines
1.7 KiB
TypeScript
59 lines
1.7 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server'
|
|
import { auth } from '@/auth'
|
|
import { prisma } from '@/lib/prisma'
|
|
import bcrypt from 'bcryptjs'
|
|
|
|
export async function POST(request: NextRequest) {
|
|
try {
|
|
const session = await auth()
|
|
|
|
if (!session?.user?.id) {
|
|
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
|
}
|
|
|
|
const { currentPassword, newPassword } = await request.json()
|
|
|
|
if (!currentPassword || !newPassword) {
|
|
return NextResponse.json({ error: 'All fields are required' }, { status: 400 })
|
|
}
|
|
|
|
if (newPassword.length < 6) {
|
|
return NextResponse.json({ error: 'Password must be at least 6 characters long' }, { status: 400 })
|
|
}
|
|
|
|
// Get current user with password
|
|
const user = await prisma.user.findUnique({
|
|
where: { id: session.user.id },
|
|
select: { password: true }
|
|
})
|
|
|
|
if (!user || !user.password) {
|
|
return NextResponse.json({ error: 'User not found or password not set' }, { status: 404 })
|
|
}
|
|
|
|
// Verify current password
|
|
const isCurrentPasswordValid = await bcrypt.compare(currentPassword, user.password)
|
|
|
|
if (!isCurrentPasswordValid) {
|
|
return NextResponse.json({ error: 'Current password is incorrect' }, { status: 400 })
|
|
}
|
|
|
|
// Hash new password
|
|
const hashedNewPassword = await bcrypt.hash(newPassword, 12)
|
|
|
|
// Update password
|
|
await prisma.user.update({
|
|
where: { id: session.user.id },
|
|
data: { password: hashedNewPassword }
|
|
})
|
|
|
|
return NextResponse.json({ message: 'Password updated successfully' })
|
|
} catch (error) {
|
|
console.error('Error changing password:', error)
|
|
return NextResponse.json(
|
|
{ error: 'Failed to change password' },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
}
|